This Asus Wi-Fi router can be hacked — what to do right now

1. Home
2. News
3. Security

This Asus Wi-Fi router can be hacked — what to do correct now

(Image credit: Syafiq Adnan/Shutterstock)

If you own an Asus RT-AC1900P home wireless router, it's time to patch it. Asus recently issued a firmware update to fix two serious security flaws that could permit an aggressor with access to your home network hack both your router and your PC.

Trustwave, the security firm that institute the flaws, disclosed the issues in a security advisory yesterday (July 22). Information technology explained that the Asus router searches for firmware updates on the Asus website by using a file-download tool but without checking digital security certificates.

"Equally a result, MITM [homo-in-the-middle] attack is trivial when the device is continued to a malicious network," the Trustwave advisory says.

• The all-time Wi-Fi routers for your home or modest function
• Your router's security stinks: Hither's how to fix information technology
• New: iPhone 12 blown abroad by Samsung Galaxy S20 Fan Edition leak

That ways an aggressor tin can trick the router into downloading and installing malicious firmware updates. And because an assaulter tin can do that, a trap can be fix for when the router'south owner logs into the router's authoritative interface, which is displayed in a web browser on the owner'southward PC or Mac.

"An aggressor can then craft [a] malicious file containing release notes for the 'new' firmware that will contain arbitrary JavaScript," Trustwave said in its advisory.

"Due to cross-site-scripting, the malicious JavaScript will be executed when an unsuspecting admin user clicks the release notes link on the Firmware Upgrade page."

• Out and about? Come across how to apply a VPN to stay safe on public Wi-Fi
• Secure your whole household'due south connection with the best router VPN
• You can too share your VPN connection with a virtual router

After this, all bets are off

1 malicious JavaScript is running in your browser, all bets are off. An attacker can silently redirect your browser to pages containing browser exploit scripts or drive-by downloads, both of which will try to infect your computer with malware. You'd better promise you've got ane of the best antivirus programs backing yous upwards.

Because the attacker already controls your router, he or she tin also alter the router settings so that you're led to simulated banking or email websites in attempts to capture account login credentials or to play a trick on y'all into installing corrupted software.

How to avoid attacks based on this router flaw

To avoid these nightmare scenarios, you can open up up your Asus router's administration panel and run across if a firmware update is bachelor. (Asus has instructions here.)

Alternately, caput over to the Asus firmware-update folio for the RT-AC1900P and download the about recent update.

You should always change the administrator password on your router as soon equally you get it out of the box. And make sure that the admission countersign for your dwelling house Wi-Fi network isn't something easy to guess and is at least x characters long. Yous don't want random neighbors getting access and possibly playing havoc with your router.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry melt, long-haul driver, lawmaking monkey and video editor. He's been rooting effectually in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown upwardly in random TV news spots and even chastened a panel discussion at the CEDIA home-engineering conference. You lot tin can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/asus-router-flaw-patch

Posted by: rountreehisis1968.blogspot.com

Share this post